Exposures › CVE-2026-61500
Rejetto HFS 3.0.0-3.2.0 uses a weak random number generator to sign session cookies, allowing attackers to forge admin access and execute remote code.
This critical vulnerability stems from Rejetto HFS using a non-cryptographic Math.random() function to derive session cookie signing keys, enabling attackers to reconstruct the generator state and forge administrator session cookies. This leads to full administrative access and remote code execution via the server_code configuration feature, posing a severe risk to DIB organizations relying on Rejetto HFS for security controls. Immediate patching and vendor accountability are required to prevent unauthorized administrative access and potential data exfiltration.
Shame score — Using a non-cryptographic random number generator for security-critical session signing is a fundamental design flaw that enables remote code execution.
Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random() generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's state, recover the signing key, and forge a valid administrator session cookie, leading to full administrative access and remote code execution via the server_code configuration feature.
No correlated FedRAMP products.